tag:blogger.com,1999:blog-13756280.post115392892255182180..comments2015-07-31T03:10:46.817-07:00Comments on Jeremiah Grossman: Where the next BIG attacks will come fromJeremiah Grossmanhttp://www.blogger.com/profile/05017778127841311186noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-13756280.post-1154023172390455252006-07-27T10:59:00.000-07:002006-07-27T10:59:00.000-07:00Yah, I think right now, security on the Web is bas...Yah, I think right now, security on the Web is basically completely broken. User have no way to protect themselves. Things wouldn't be so bad if the browser vendors were actively working on something, but their not. What you can do with JS is so amazing now, hard to tell where we go from here. There are lots of ideas, just no implemenation.<BR/><BR/><BR/>Jeremiah-Jeremiah Grossmanhttp://www.blogger.com/profile/05017778127841311186noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-1154017098002347622006-07-27T09:18:00.000-07:002006-07-27T09:18:00.000-07:00Jeremiah,Thanks for the kind comments, I'm glad yo...Jeremiah,<BR/><BR/>Thanks for the kind comments, I'm glad you found the article thought provoking. <BR/><BR/>I am in complete agreement with you on the security issues associated with cross-domain Javascript. <BR/><BR/>We've spent the last 20 years making our operating systems more and more secure and our browsers bomb-proof. Unfortunately many of us now do most of our work inside the browser itself and outside the firewall.<BR/><BR/>It's only going to take one semi-successful Web 2 or MySpace add-in company with a neat little blog widget that surreptitiously harvests document data and we're going to see passwords disappearing everywhere.<BR/><BR/>I personally think that the answer lies in segmenting scope within the browser. <BR/><BR/>We have to get the tools to ringfence foreign code and data or else things are going to get very messy indeed.Peter Nixeyhttp://www.blogger.com/profile/17215409904985512915noreply@blogger.com